AMENDMENTS TO THE CLAIMS 



1. (Currently amended) A method for isolating access by application programs to native 
resources provided by an operating system, the method comprising the steps of: 

(•LL..redirecting, to an isolation environment comprising a user isolation scope and an 
application isolation scope., a request for a native resource made by a process 
executing on behalf of a first user; 

(blJocating an instance of the requested n tth e resource in the user isolation scope 
on behalf of a first user; and 

(c)... responding to the request for the native resource using the instance of the 
requested native resource located in the user isolation scope. 

2. (Currently amended) The method of claim 1 wherein step (b) comprises failing to locate 
an instance of the requested n tth <^ resource in the user isolation scope. 

3. (Original) The method of claim 2 wherein step (c) comprises redirecting the request to 
the application isolation scope. 

4. (Currently amended) The method of claim 3 further comprising the steps of: 

( d) locating an instance of the requested a it ] resource in the application isolation 
scope; and 

(e). responding to the request for the native resource using the instance of the 
resource located in the application isolation scope. 

5. (Currently amended) The method of claim 4 wherein step (e) comprises creating an 
instance of the requested ri y h e resource in the user isolation scope that corresponds to 
the instance of the requested riaj \ e resource located in the application isolation scope 
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and responding to the request for the native resource using the instance of the i g si 
native resource created in the user isolation scope. 

6. (Original) The method of claim 4 wherein step (d) comprises failing to locate an instance 
of the requested native resource in the application isolation scope. 

7. (Currently amended) The method of claim 6 wherein step (e) comprises responding to 
the request for the native resource using #H~a system-scoped native resource. 

8. (Currently amended) The method of claim 6 wherein step (e) comprises: 

creating an instance of the requested resource in the user isolation scope 

that corresponds to the instance of the requested resource located in 4>e-a system 
scope and responding to the request for the native resource using the instance of 
the resource created in the user isolation scope. 

9. (Original) The method of claim 1 further comprising the step of hooking a request for a 
native resource made by a process executing on behalf of a first user. 

10. (Original) The method of claim 1 further comprising the step of intercepting a request for 
a native resource executing on behalf of a first user. 

11. (Original) The method of claim 1 further comprising the step of intercepting by a file 
system filter driver a request for a file system native resource executing on behalf of a 
first user. 



12. (Original) The method of claim 1 wherein step (a) comprises redirecting to an isolation 
environment comprising a user isolation scope and an application isolation scope a 
request for a file made by a process executing on behalf of a first user. 



13. (Original) The method of claim 1 wherein step (a) comprises redirecting to an isolation 
environment comprising a user isolation scope and an application isolation scope a 
request for a registry database entry made by a process executing on behalf of a first user. 
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14. (Currently amended) The method of claim 1 further comprising the steps of: 

Cd) redirecting to the isolation environment a request for the native resource made by 
a second process executing on behalf of a second user; 

(c; locating an instance of the requested <• icsource in a second user isolation 
scope; and 

(f) responding to the request for the native resource using the •» instance of the 
native resource located in the second user isolation scope. 

15. (Original) The method of claim 14 wherein the process executes concurrently on behalf 
of a first user and a second user. 

16. (Currently amended) The method of claim 14 wherein step (c) comprises failing to locate 
an instance of the requested •:• resource in the second user isolation scope. 

17. (Original) The method of claim 16 wherein step (f) comprises redirecting the request to 
the application isolation scope. 

18. (Currently amended) The method of claim 17 further comprising the steps of: 

( d) locating an instance of the requested nati ve resource in the application isolation 
scope; and 

L:~i.rcsponding to the request for the native resource using the =. s^-.ssv . of the 

native resource located in the application isolation scope. 

19. (Currently amended) The method of claim 1 further comprising the steps of: 

(d) redirecting to the isolation environment a request for a native resource made by a 
second process executing on behalf of a first user; 
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(e) locating an instance of the requested native resource in the user isolation scope; 
and 



(f) responding to the request for the native resource using the v n - x of the 
resource located in the user isolation scope. 

20. (Currently amended) The method of claim 19 wherein step (e) comprises failing to locate 
an instance of the requested n.u!\ o resource in the user isolation scope. 

21. (Original) The method of claim 20 wherein step (f) comprises redirecting the request to a 
second application isolation scope. 

22. (Currently amended) The method of claim 21 further comprising the steps of: 

Ml locating an instance of the requested saj \ resource in the second application 
isolation scope; and 

(e) r esponding to the request for the native resource using the n ance of the 

native resource located in the second application isolation scope. 

23. (Original) An isolation environment for isolating access by application programs to 
native resources provided by an operating system, the isolation environment comprising: 

a user isolation scope storing an instance of a native resource, the user isolation 
scope corresponding to a user; and 

a redirector intercepting a request for the native resource made by a process 
executing on behalf of the user and redirecting the request to the user isolation 
scope. 

24. (Original) The apparatus of claim 23 wherein the isolation environment further 
comprises an application isolation scope storing an instance of the native resource. 



Serial No.: 10/711,737 
419271 lvl 



5 



Our Ref. No.: 2006579-0141 
Client Ref. No.: CTX-105 



25. (Original) The apparatus of claim 24 wherein the isolation environment further 
comprises a second application isolation scope storing an instance of the native resource. 

26. (Currently amended) The apparatus of claim 23 wherein the redirector returns a handle to 
the requesting x-tffii^KVH-j • . o>\ that identifies the native resource. 

27. (Original) The apparatus of claim 23 further comprising a rules engine specifying 
behavior for the redirector when redirecting the request. 

28. (Original) The apparatus of claim 23 wherein the redirector comprises a file system filter 
driver. 

29. (Original) The apparatus of claim 23 wherein the redirector comprises a function 
hooking mechanism. 

30. (Currently amended) The apparatus of claim 29 wherein the function hooking ;^p* :!r:;: ^ 
s-SvVit uu>.m intercepts an operation selected from &e-a group of file system operations, 
registry operations \ x ^ ^ s sen ices 

services, named object operations, window operations, file-type association operations 
and * ' i COMj server operations. 

3 1 . (Original) The apparatus of claim 23 wherein the application isolation environment 
further comprises a second user isolation scope storing a second instance of the native 
resource. 

32. (Original) The apparatus of claim 23 wherein the application isolation environment 
further comprises a second user isolation scope storing an instance of the native resource, 
the second user isolation scope corresponding to a second user. 
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